🠛
QuantaVirt ›
PQC Algorithm Parameters
PQC Algorithm Parameters
QV-REF-PQC
Rev 1.0 — January 2026
Reference
Complete reference for all cryptographic algorithms supported by QuantaVirt's PQC subsystem — NIST-standardized post-quantum algorithms, symmetric ciphers, hash functions, and key derivation, with exact parameter sizes, security levels, and performance benchmarks on both software and QUAC 100 hardware backends.
Algorithm Overview #
Category Algorithm Standard Purpose in QuantaVirt
Key Encapsulation ML-KEM-512 / 768 / 1024 FIPS 203 Storage encryption key wrapping, PQC tunnel key exchange, migration key agreement Digital Signature ML-DSA-44 / 65 / 87 FIPS 204 VM attestation, firmware signing, audit log integrity Digital Signature SLH-DSA-128s / 128f / 192s / 192f / 256s / 256f FIPS 205 Stateless hash-based signatures (fallback) AEAD Cipher AES-256-GCM NIST SP 800-38D Disk sector encryption, tunnel bulk cipher AEAD Cipher ChaCha20-Poly1305 RFC 8439 Alternative AEAD (ARM / no AES-NI) Hash SHA-3 (256 / 512), SHAKE-128 / 256 FIPS 202 Internal hashing, KDF, QRNG conditioning KDF HKDF-SHA-3-256 RFC 5869 + FIPS 202 Key derivation from shared secrets RNG QRNG (QUAC 100 hardware) NIST SP 800-90B Quantum random number generation
ML-KEM (FIPS 203) #
Module-Lattice-Based Key-Encapsulation Mechanism, standardized by NIST as FIPS 203 (August 2024). Based on the CRYSTALS-Kyber algorithm. Used in QuantaVirt for all key exchange operations.
Parameter Sets
Parameter ML-KEM-512 ML-KEM-768 ML-KEM-1024
NIST Security Level 1 (128-bit) 3 (192-bit) 5 (256-bit) QuantaVirt Config String "ML-KEM-512""ML-KEM-768""ML-KEM-1024"Module Rank (k) 2 3 4 Polynomial Ring Zq [X]/(X256 +1), q = 3329 Public Key (pk) Size 800 bytes 1,184 bytes 1,568 bytes Secret Key (sk) Size 1,632 bytes 2,400 bytes 3,168 bytes Ciphertext (ct) Size 768 bytes 1,088 bytes 1,568 bytes Shared Secret (ss) Size 32 bytes 32 bytes 32 bytes Encapsulation Randomness 32 bytes 32 bytes 32 bytes Compression (du , dv ) (10, 4) (10, 4) (11, 5) η1 , η2 (3, 2) (2, 2) (2, 2) Failure Probability 2-139 2-164 2-174
Operations
Operation Input Output C API
KeyGen 32 bytes seed (QRNG) pk, sk mlkem_keygen(pk, sk, params)Encaps pk, 32 bytes randomness ct, ss mlkem_encaps(ct, ss, pk, params)Decaps sk, ct ss mlkem_decaps(ss, ct, sk, params)
ML-DSA (FIPS 204) #
Module-Lattice-Based Digital Signature Algorithm, standardized as FIPS 204 (August 2024). Based on CRYSTALS-Dilithium. Used in QuantaVirt for attestation, firmware signatures, and audit integrity.
Parameter Sets
Parameter ML-DSA-44 ML-DSA-65 ML-DSA-87
NIST Security Level 2 (128-bit) 3 (192-bit) 5 (256-bit) QuantaVirt Config String "ML-DSA-44""ML-DSA-65""ML-DSA-87"Module Dimensions (k, ℓ) (4, 4) (6, 5) (8, 7) Polynomial Ring Zq [X]/(X256 +1), q = 8380417 Public Key (pk) Size 1,312 bytes 1,952 bytes 2,592 bytes Secret Key (sk) Size 2,560 bytes 4,032 bytes 4,896 bytes Signature (sig) Size 2,420 bytes 3,309 bytes 4,627 bytes γ1 217 219 219 γ2 (q-1)/88 (q-1)/32 (q-1)/32 η 2 4 2 τ 39 49 60 β 78 196 120 ω (max hint weight) 80 55 75
Operations
Operation Input Output C API
KeyGen 32 bytes seed pk, sk mldsa_keygen(pk, sk, params)Sign sk, message sig mldsa_sign(sig, msg, msg_len, sk, params)Verify pk, message, sig boolean mldsa_verify(sig, msg, msg_len, pk, params)
SLH-DSA (FIPS 205) #
Stateless Hash-Based Digital Signature Algorithm, standardized as FIPS 205. Based on SPHINCS+. Available as a conservative fallback — relies only on hash function security with no lattice assumptions.
Parameter Sets
Parameter Set Security Level pk (bytes) sk (bytes) sig (bytes) Variant
SLH-DSA-SHA2-128s1 32 64 7,856 Small sig, slow sign SLH-DSA-SHA2-128f1 32 64 17,088 Fast sign, large sig SLH-DSA-SHA2-192s3 48 96 16,224 Small sig, slow sign SLH-DSA-SHA2-192f3 48 96 35,664 Fast sign, large sig SLH-DSA-SHA2-256s5 64 128 29,792 Small sig, slow sign SLH-DSA-SHA2-256f5 64 128 49,856 Fast sign, large sig SLH-DSA-SHAKE-128s1 32 64 7,856 SHAKE-based, small sig SLH-DSA-SHAKE-128f1 32 64 17,088 SHAKE-based, fast sign SLH-DSA-SHAKE-192s3 48 96 16,224 SHAKE-based, small sig SLH-DSA-SHAKE-192f3 48 96 35,664 SHAKE-based, fast sign SLH-DSA-SHAKE-256s5 64 128 29,792 SHAKE-based, small sig SLH-DSA-SHAKE-256f5 64 128 49,856 SHAKE-based, fast sign
Symmetric Algorithms #
Algorithm Config String Key Size Nonce/IV Tag Size Standard Notes
AES-256-GCM "AES-256-GCM"256 bits 96 bits 128 bits NIST SP 800-38D Default AEAD. Hardware-accelerated with AES-NI. ChaCha20-Poly1305 "ChaCha20-Poly1305"256 bits 96 bits 128 bits RFC 8439 Alternative AEAD. Constant-time without hardware support.
Hash Functions #
Function Output Size Block Size Standard Use in QuantaVirt
SHA-3-256 256 bits 1088 bits FIPS 202 General hashing, integrity verification SHA-3-512 512 bits 576 bits FIPS 202 Extended integrity, key stretching SHAKE-128 Variable 1344 bits FIPS 202 Internal to ML-KEM/ML-DSA SHAKE-256 Variable 1088 bits FIPS 202 Internal to ML-KEM/ML-DSA, QRNG conditioning
Key Derivation #
Function Parameters Standard Use in QuantaVirt
HKDF-SHA-3-256 Extract: IKM + salt → PRK; Expand: PRK + info → OKM RFC 5869 + FIPS 202 Derive encryption keys from ML-KEM shared secrets
/* Key derivation flow in QuantaVirt */
1. ML-KEM Decaps → shared_secret (32 bytes)
2. HKDF-Extract(salt=QRNG(32), IKM=shared_secret) → PRK (32 bytes)
3. HKDF-Expand(PRK, info="quantavirt-disk-enc-v1", L=32) → AES-256 key
4. HKDF-Expand(PRK, info="quantavirt-disk-iv-v1", L=12) → base nonceNIST Security Levels #
Level Classical Equivalent Quantum Equivalent QuantaVirt Algorithms Recommended For
1 AES-128 keysearch Grover on AES-128 ML-KEM-512, SLH-DSA-128* General purpose, non-classified 2 SHA-256 collision — ML-DSA-44 Standard attestation 3 AES-192 keysearch Grover on AES-192 ML-KEM-768, ML-DSA-65, SLH-DSA-192* Government, financial — QuantaVirt default 5 AES-256 keysearch Grover on AES-256 ML-KEM-1024, ML-DSA-87, SLH-DSA-256* Top Secret, critical infrastructure, CNSA 2.0
CNSA 2.0 Compliance: For NSA CNSA 2.0 (Commercial National Security Algorithm Suite), use ML-KEM-1024 + ML-DSA-87 (Security Level 5). QuantaVirt's PQC subsystem is designed for full CNSA 2.0 readiness.
Measured on Intel Xeon w5-3435X @ 3.1 GHz. QUAC 100 firmware 1.0.0.
ML-KEM Performance
Operation ML-KEM-512 ML-KEM-768 ML-KEM-1024
Software Backend KeyGen 0.08 ms 0.12 ms 0.18 ms Encaps 0.10 ms 0.15 ms 0.22 ms Decaps 0.12 ms 0.18 ms 0.25 ms QUAC 100 Hardware Backend KeyGen 0.4 µs 0.5 µs 0.7 µs Encaps 0.5 µs 0.6 µs 0.8 µs Decaps 0.5 µs 0.7 µs 0.9 µs Speedup ~200× ~250× ~280× Throughput (ops/sec) 2,500,000 1,400,000 1,100,000
ML-DSA Performance
Operation ML-DSA-44 ML-DSA-65 ML-DSA-87
Software Backend KeyGen 0.15 ms 0.25 ms 0.38 ms Sign 0.55 ms 0.95 ms 1.20 ms Verify 0.17 ms 0.28 ms 0.41 ms QUAC 100 Hardware Backend KeyGen 0.8 µs 1.2 µs 1.8 µs Sign 2.5 µs 4.0 µs 5.5 µs Verify 0.9 µs 1.4 µs 2.0 µs Speedup (Sign) ~220× ~240× ~220×
AEAD Performance
Algorithm Software (AES-NI) QUAC 100 Notes
AES-256-GCM (4 KB block) ~12 GB/s ~25 GB/s Per-sector disk encryption throughput ChaCha20-Poly1305 (4 KB block) ~8 GB/s ~18 GB/s Constant-time alternative
Algorithm Usage Map #
Where each algorithm is used within QuantaVirt's subsystems.
Subsystem KEM DSA AEAD Hash
Storage Encryption ML-KEM (key wrap) — AES-256-GCM / ChaCha20 SHA-3-256 (integrity) PQC Network Tunnel ML-KEM (key exchange) — AES-256-GCM / ChaCha20 SHA-3-256 (MAC) VM Attestation — ML-DSA (sign/verify) — SHA-3-512 (measurement) Firmware Signing — ML-DSA-87 — SHA-3-256 Live Migration ML-KEM (channel key) ML-DSA (host auth) AES-256-GCM (page xfer) SHA-3-256 (page hash) Audit Log — ML-DSA (entry signing) — SHA-3-256 (hash chain) QRNG Conditioning — — — SHAKE-256 Key Derivation — — — HKDF-SHA-3-256